by rectang 716 days ago
From the abstract:

> This paper investigates cyber-physical attacks on avionics data buses, specifically focusing on the ARINC 429 protocol. The objective is to demonstrate how message injection, modification, and deletion attacks can be executed, enabling an attacker to gain full control over the transmitted data.

I wish that vehicular systems all had air-gap level separation of messages, rendering it physically impossible to disrupt messages to critical systems like flight controls. I suppose that's a naive perspective, but in the long run it's hard to believe that we won't have to resort to provably correct systems to thwart attacks.

> To accomplish this, we propose a method that involves modifying messages on the data bus without segmenting it.

Can we really live with avionics platforms as a setting for the same kind of perpetual arms race against attackers that we have for general operating systems?

5 comments

The problem described in the paper is not what you think it is. The paper effectively says: "Assume we control the wire to the flight controls, then we have complete control over whatever is sent to the flight controls." Not to belittle the technical work in constructing an implant that can manipulate the electrical signals in the wire in realtime, but the consequence of such access is as obvious as it is uninteresting.

Not to say that physical compromise of the wire is unbeatable; encryption makes it effectively impossible to spoof or rewrite messages, but the wires and communication protocol are already only intended for communication between trusted components (if you are communicating to untrusted components then you have to use something else like a data diode). The only really interesting part of the highlighted attack vector is that the "trusted wires" are likely not particularly physically separated from "non-trusted wires" or easy access which makes physical compromise at least plausible to achieve for an external malicious actor as compared to physically modifying one of the actual critical flight computers.

> then you have to use something else like a data diode

From what I read ARINC 429 is a one-way bus making this completely redundant and unnecessary.

ARINC 429 is definitely one way to do it. It has a fixed baud rate - there is no feedback to the transmitter. Typically, each "bus" contains a single or small subset of messages (called labels) over it.

> I wish that vehicular systems all had air-gap level separation of messages

From what I'm reading, ARINC 429 is as air-gapped as you can get. It is a one-way serial protocol (separate wires for transmit and receive). Only the wires that need to be connected are. Messages go from->to where they need to be.

Unless by air gapped you literally mean "don't connect anything together" at which point you no longer have a functioning vehicle.

Another question would be: "Can we create systems intended to be permanently disconnected from the Internet?". Unfortunately, the answer seems to be no. You can see indications in the way that small water purification systems connect to the net just to save engineers from going in on weekends.

There are other means of remote access besides internet. POTS (i.e. dial-up modems), cellular wireless, and other forms of radio are several that come to mind.

Internet is almost certainly the cheapest and easiest thing, which is why it's used.

>"Can we create systems intended to be permanently disconnected from the Internet?"

Any modern jet will function without internet.

Not permanently, which is the conjecture laid out by OP. At some point, there will need to be nav data updates, updates to the aircraft's required systems, updates to IFE systems, etc. Modern jets do all of that wirelessly. Additionally, every single modern jet uploads all recorded engine parameters from the flight to the engine manufacturer after it arrives at the gate. Do I know what I am talking about? Ref. username.

Sure, I have worked on multiple plane systems which were connected wirelessly, even to the internet. (Although that is something which I am extremely glad I have left behind me and would never brag about in my profile name)

Even though, a modern jet is still able to function without internet.

Yes but my point is whether the system can be "never on the Internet" (hence never subject to constantly evolving hacks) and it doesn't seem like the systems you describe are necessarily that.

If it requires physical access an attacker can also attack the analog systems which are controlled by the software.

>I wish that vehicular systems all had air-gap level separation of messages, rendering it physically impossible to disrupt messages to critical systems like flight controls.

This is just false. There is nothing in the world which makes physically separating two airplane systems impossible.

>Can we really live with avionics platforms as a setting for the same kind of perpetual arms race against attackers that we have for general operating systems?

The comparison is false. OSs are exposed to the entire world. Airplane systems require physical access.

> Airplane systems require physical access.

... to potentially only one of the components within the system, at any point in its lifetime, across the entire supply chain and all build, test/verify, operations and maintenance processes.

(Edit in reply to child: Yes, obviously "the components within the system" means those actually connected, not a number 3 sprocket in seat 63E's incline mechanism. You have re-iterated my point.)

False. Most components are not connected to any of the relevant busses.

And if you had control over the specific component you need the plane is already compromised, whether the bus is open to spoofing or not is an irrelevant question.

Not physically disconnecting AFDX network from IFE network was one of the reasons 787 got delayed, because even with various Bush cuts to enforcement Boeing was told to go pound sand and redo the wiring until non-avionics bits were physically separated from avionics.

TL;DR it's already a standard and has been ever since the possibility of sharing the networks came to be